Privacy Policy

Tosly is a Chrome extension that reads Terms of Service and Privacy Policy pages and flags clauses that may harm the user. This document explains exactly what data the extension processes, why, and what we never do with it. We aim to be specific - vague privacy policies are how companies hide bad behavior, and Tosly exists to surface that behavior.

The short version: Tosly only processes the visible text and URL of the page you're actively viewing, only when that page is identified as a Terms of Service or Privacy Policy. We do not require an account, do not track you across sites, and do not sell or share data with advertisers.

1. What data we process

When you view a Terms of Service or Privacy Policy page and the extension is enabled, Tosly sends the following to our backend service over HTTPS:

• The visible text of the page - the body text of the legal document, used as input to the analysis.
• The page URL - used to cache analysis results so the same page is not analyzed repeatedly.

That is the complete list of data Tosly transmits. The extension does not transmit:

• Your name, email address, IP address (beyond what is implicit in any HTTPS request), or any other personal identifier.
• Your browsing history. Tosly only sees the page you are currently viewing, not pages you visited before.
• The content of any page that is not a Terms of Service or Privacy Policy.
• Cookies, form data, login credentials, or any other browser state.
• Mouse movements, keystrokes, scroll position, or other interaction data.

2. What we do with the data

The page text is sent to a third-party large language model (LLM) provider through our backend. The LLM analyzes the document for predatory clauses (for example: data selling, forced arbitration, automatic renewals) and returns a structured response with severity ratings, summaries, and exact quotes.

The current LLM provider is Google (Gemini API). Google processes the page text under their own privacy policy, available at https://policies.google.com/privacy. We may change LLM providers in the future and will update this document accordingly.

The analysis result is then sent back to the extension and displayed to you on the page.

3. Caching

To reduce latency and LLM costs, our backend caches analysis results in memory for 7 days per URL. The cache:

• Holds analysis output only (severity, summary, flags). It does not hold user identifiers or session data.
• Is keyed by the URL of the document analyzed. If two users view the same Terms of Service page within the cache window, both receive the same cached result.
• Is cleared automatically after 7 days or when the backend service restarts.

Because the cache is shared across users, a popular Terms of Service page may be analyzed once and served from cache to many users. This is the same model used by content delivery networks for any public document.

4. What we do not do

To be explicit:

• We do not sell user data to third parties.
• We do not transfer user data to advertising networks or data brokers.
• We do not use the data for purposes unrelated to providing the analysis service (for example: building user profiles, training our own models, or marketing).
• We do not use the data to determine creditworthiness or for lending purposes.
• We do not require an account, login, or any form of identification to use the extension.
• We do not use cookies or fingerprinting to track users across sessions.

5. Local storage on your device

The extension uses Chrome's local storage API to remember your preferences on your device only. Specifically:

• Whether automatic scanning is enabled or disabled.
• The position of the on-page widget so it stays where you put it.

This data never leaves your browser. Uninstalling the extension removes it.

6. Permissions

The extension requests the following Chrome permissions:

• storage - to save your local preferences (see section 5).
• host_permissions: <all_urls> - because a legal document can be hosted on any domain. The extension only acts on pages identified as legal documents.

7. Children

Tosly is not directed at children under 13 and does not knowingly collect data from them.

8. Your rights

Because Tosly does not store personal information about you, there is generally nothing to access, correct, or delete. If you believe we hold data about you and would like to make a request, contact us through the support page below.

9. Changes to this policy

We may update this policy as the extension evolves. The "Last updated" date at the top reflects the most recent change. Significant changes - for example, adding a new category of data collection or changing LLM providers - will be communicated through the extension and the project repository.

10. Contact

Questions about this policy or how Tosly handles your data:

• Support form: tosly.online/support
• GitHub issues: github.com/preston176/tosly-chrome-extension

11. Disclaimer

Tosly provides useful signal for personal decisions about which services to use. It is not legal advice. For important contracts or legal disputes, consult a qualified attorney.